Cuppacms
by Cuppacms
Source repositories
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37191 | Med | 0.42 | 6.5 | 0.03 | Sep 13, 2022 | The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. | ||
| CVE-2022-38295 | Med | 0.40 | 6.1 | 0.01 | Sep 12, 2022 | Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | ||
| CVE-2022-25497 | Med | 0.35 | 5.3 | 0.04 | Mar 15, 2022 | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | ||
| CVE-2018-19918 | Med | 0.35 | 5.4 | 0.01 | Dec 31, 2018 | CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | ||
| CVE-2018-17300 | Med | 0.31 | 4.8 | 0.01 | Sep 21, 2018 | Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. |
- risk 0.42cvss 6.5epss 0.03
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
- risk 0.40cvss 6.1epss 0.01
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.
- risk 0.35cvss 5.3epss 0.04
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
- risk 0.35cvss 5.4epss 0.01
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
- risk 0.31cvss 4.8epss 0.01
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
Page 2 of 2